Security investment too low, says DTI

Most British businesses are still ill-prepared to tackle potentially damaging IT breaches despite growing publicity about computer security hazards, a survey by Department of Trade and Industry said.

The study found that three-quarters of British businesses believe they hold critical data on their computer network, but just one-quarter have adopted a policy to protect it.

"The failure to consider the increasing threats to information security is costing companies, both large and small, dearly," said Chris Potter, a partner at PriceWaterhouseCoopers (PWC).

PWC teamed with DTI and a consortium of security firms including Symantec, Genuity and RSA Security, to conduct the survey. They gathered input from more than 1,000 British firms.

Last year was the worst year yet for computer network breaches, with waves of computer viruses, worms and hack attacks inflicting hundreds of millions of dollars worth of damage to corporate network around the globe, security experts said.

The DTI survey said the average cost of a serious computer network breach for a UK firm amounted to 30,000 pounds; several companies reported incidents costing more than 500,000 pounds. According to the study, UK businesses consistently fail to invest sufficient funds in computer security. Three-quarters spend under one percent of their IT budget on computer security, the study said.